Lesson Learned #163: Failed to save Auditing settings for server: xxx .Principal xxx does not exist
Published Feb 18 2021 02:25 PM 2,690 Views

I have been working on a support ticket were customer was getting the following error trying to save Auditing settings.




“Failed to save Auditing settings for server: xxx .Principal xxx does not exist in the directory xxx”. 


During auditing configuration , customer had selected, an storage account that was being used by other Azure SQL server to save their auditing logs.


We confirmed that storage account was configured with firewall enabled




The problem came because,  identity assignment  was not getting saved correctly.


Executing the following query we could see that identity was not getting saved

select * from sys.database_scoped_credentials


The solution was reassign the Identity and resave auditing executing the following PowerShell command


Set-AzSqlServer -ResourceGroupName <NameofTheRG> -ServerName  <NameOFTheServer> -AssignIdentity

If server also has TDE with AKV you will need to run :

$server = Get-AzSqlServer -ResourceGroupName rgname -ServerName server
$objectid = $server.Identity.PrincipalId
Set-AzKeyVaultAccessPolicy -VaultName vault -ObjectId $objectid -PermissionsToKeys get, wrapKey, unwrapKey


After apply mitigation, "select * from sys.database_scoped_credentials"  output was the following, and auditing configuration could be saved correctly 





Version history
Last update:
‎Feb 18 2021 02:25 PM
Updated by: